Comment by mustache_kimono

3 days ago

> You can use error codes instead; many libraries, especially from Google, do just that. And there are more modern approaches, like std::optional and std::expected:

Even if we are to accept this, we'd be back to an "adopt a subset of C++" argument.

You're right in one sense -- these are more modern approaches to errors, which were adopted in 2017 and 2023 respectively (with years for compilers to implement...). But FWIW we should note that these aren't really idiomatic C++, whereas algebraic data types are a baked-in, 1.0 feature of Rust.

So -- you really don't want to adopt C++. You want to adopt a dialect of C++ (perhaps the very abstract notion of "modern C++"). But your argument is much more like "C++ has lambdas too!" than you may care to admit. Because of course it does. C++ is the kitchen sink. And that's the problem. You may want the smaller language inside of C++ that's dying to get out, but C++'s engineering values are actually "we are the kitchen sink!". TBF Rust's values are sometimes distinct too, but I'm not sure you've really examined just how different C++'s values are from kernel C, and why the kitchen sink might be a problem for the Linux kernel.

You say:

> RAII, smart pointers, overloadable functions, namespaces, and templates, and do so using the existing GCC toolchain

"Modern C++" simply doesn't solve the problem. Google has been very clear Rust + C++ codebases have worked well. But the places where it sees new vulnerabilities are mostly in new memory-unsafe (read: C++) code.

See: https://security.googleblog.com/2024/09/eliminating-memory-s...

Isn't "Rust without panics" a subset of Rust?

  • > Isn't "Rust without panics" a subset of Rust?

    I'm not sure there is much in your formulation.

    It would seem to me to be a matter of program design, and programmer discretion, rather than a "subset of the language". Re: C++, we are saying "Don't use at least these dozen features, because they don't work well at many-cooks scale, and/or they combine in ways which are non-orthogonal. We don't want you to use them because they complect[0] the code." Re: no-panic Rust, we are saying "Don't call panic!(), because obviously you want a different program behavior in this context." These are different things.

    [0]: https://www.youtube.com/watch?v=SxdOUGdseq4